<!DOCTYPE html>
<html>
  <head><meta name="generator" content="Hexo 3.8.0">
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport">
  <meta name="description" content="fengzhaoyang&#39;s blog">
  <meta name="keyword" content="hexo-theme, vuejs">
  
  <link rel="shortcut icon" href="/css/images/logo.png">
  
  <title>
    
    ELK配置 | fzy-blog
    
  </title>
  <link href="//cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet">
  <link href="//cdnjs.cloudflare.com/ajax/libs/nprogress/0.2.0/nprogress.min.css" rel="stylesheet">
  <link href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/tomorrow.min.css" rel="stylesheet">
  <link rel="stylesheet" href="/css/style.css">
  
  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
  <script src="//cdnjs.cloudflare.com/ajax/libs/geopattern/1.2.3/js/geopattern.min.js"></script>
  <script src="//cdnjs.cloudflare.com/ajax/libs/nprogress/0.2.0/nprogress.min.js"></script>
  
  <script src="/js/qrious.js"></script>
  
  
  
  
    <!-- MathJax support START -->
    <script type="text/x-mathjax-config">
      MathJax.Hub.Config({
        tex2jax: {
          inlineMath: [ ['$','$'], ["\\(","\\)"]  ],
          processEscapes: true,
          skipTags: ['script', 'noscript', 'style', 'textarea', 'pre', 'code']
        }
      });
    </script>

    <script type="text/x-mathjax-config">
      MathJax.Hub.Queue(function() {
        var all = MathJax.Hub.getAllJax(), i;
        for (i=0; i < all.length; i += 1) {
          all[i].SourceElement().parentNode.className += ' has-jax';
        }
      });
    </script>
    <script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>
    <!-- MathJax support END -->
  


</head>
<div class="wechat-share">
  <img src="/css/images/logo.png">
</div>
  <body>
    <header class="header fixed-header">
  <div class="header-container">
    <a class="home-link" href="/">
      <div class="logo"></div>
      <span>fzy-blog</span>
    </a>
    <ul class="right-list">
      
        <li class="list-item">
          
            <a href="/" class="item-link">Home</a>
          
        </li>
      
        <li class="list-item">
          
            <a href="/tags/" class="item-link">Tags</a>
          
        </li>
      
        <li class="list-item">
          
            <a href="/archives/" class="item-link">Archives</a>
          
        </li>
      
        <li class="list-item">
          
            <a href="/project/" class="item-link">Projects</a>
          
        </li>
      
        <li class="list-item">
          
            <a href="/about/" class="item-link">About</a>
          
        </li>
      
    </ul>
    <div class="menu">
      <span class="icon-bar"></span>
      <span class="icon-bar"></span>
      <span class="icon-bar"></span>
    </div>
    <div class="menu-mask">
      <ul class="menu-list">
        
          <li class="menu-item">
            
              <a href="/" class="menu-link">Home</a>
            
          </li>
        
          <li class="menu-item">
            
              <a href="/tags/" class="menu-link">Tags</a>
            
          </li>
        
          <li class="menu-item">
            
              <a href="/archives/" class="menu-link">Archives</a>
            
          </li>
        
          <li class="menu-item">
            
              <a href="/project/" class="menu-link">Projects</a>
            
          </li>
        
          <li class="menu-item">
            
              <a href="/about/" class="menu-link">About</a>
            
          </li>
        
      </ul>
    </div>
  </div>
</header>

    <div id="article-banner">
  <h2>ELK配置</h2>
  <p class="post-date">2019-05-24</p>
  <div class="arrow-down">
    <a href="javascript:;"></a>
  </div>
</div>
<main class="app-body flex-box">
  <!-- Article START -->
  <article class="post-article">
    <section class="markdown-content"><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br><span class="line">97</span><br><span class="line">98</span><br><span class="line">99</span><br><span class="line">100</span><br><span class="line">101</span><br><span class="line">102</span><br><span class="line">103</span><br><span class="line">104</span><br><span class="line">105</span><br><span class="line">106</span><br><span class="line">107</span><br><span class="line">108</span><br><span class="line">109</span><br><span class="line">110</span><br><span class="line">111</span><br><span class="line">112</span><br><span class="line">113</span><br><span class="line">114</span><br><span class="line">115</span><br><span class="line">116</span><br><span class="line">117</span><br><span class="line">118</span><br><span class="line">119</span><br><span class="line">120</span><br><span class="line">121</span><br><span class="line">122</span><br><span class="line">123</span><br><span class="line">124</span><br><span class="line">125</span><br><span class="line">126</span><br><span class="line">127</span><br><span class="line">128</span><br><span class="line">129</span><br><span class="line">130</span><br><span class="line">131</span><br><span class="line">132</span><br><span class="line">133</span><br><span class="line">134</span><br><span class="line">135</span><br><span class="line">136</span><br><span class="line">137</span><br><span class="line">138</span><br><span class="line">139</span><br><span class="line">140</span><br><span class="line">141</span><br><span class="line">142</span><br><span class="line">143</span><br><span class="line">144</span><br><span class="line">145</span><br><span class="line">146</span><br><span class="line">147</span><br><span class="line">148</span><br><span class="line">149</span><br><span class="line">150</span><br><span class="line">151</span><br><span class="line">152</span><br><span class="line">153</span><br><span class="line">154</span><br><span class="line">155</span><br><span class="line">156</span><br><span class="line">157</span><br><span class="line">158</span><br><span class="line">159</span><br><span class="line">160</span><br><span class="line">161</span><br><span class="line">162</span><br><span class="line">163</span><br><span class="line">164</span><br><span class="line">165</span><br></pre></td><td class="code"><pre><span class="line">logstash中文文档</span><br><span class="line"></span><br><span class="line">https://doc.yonyoucloud.com/doc/logstash-best-practice-cn/filter/date.html</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"></span><br><span class="line">ELK原型与介绍：</span><br><span class="line"></span><br><span class="line">http://www.cnblogs.com/aresxin/p/8035137.html</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"></span><br><span class="line">一、logstash配置 http://localhost:9600</span><br><span class="line"></span><br><span class="line">sudo rpm -ivh logstash-5.2.2.rpm</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span> 默认安装在 /usr/share/logstash/</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span> 配置文件在/etc/logstash/</span><br><span class="line"></span><br><span class="line"><span class="meta">#</span> 日志文件在/var/log/logstash/</span><br><span class="line"></span><br><span class="line">配置监听5044端口：</span><br><span class="line"></span><br><span class="line">sudo vi /etc/logstash/conf.d/filebeat_logstash_es.conf</span><br><span class="line"></span><br><span class="line">input &#123;</span><br><span class="line"></span><br><span class="line">   beats &#123;</span><br><span class="line"></span><br><span class="line">        port =&gt; "5044"</span><br><span class="line"></span><br><span class="line">   &#125;</span><br><span class="line"></span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line">output &#123;</span><br><span class="line"></span><br><span class="line">    elasticsearch &#123;</span><br><span class="line"></span><br><span class="line">         hosts =&gt; "localhost:9200"</span><br><span class="line"></span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line">配置方式一：</span><br><span class="line"></span><br><span class="line">input &#123;</span><br><span class="line"></span><br><span class="line">    file&#123;</span><br><span class="line"></span><br><span class="line">        path =&gt; "/Users/zhaoyang10/Downloads/logs/*.log"</span><br><span class="line"></span><br><span class="line">        start_position =&gt; "beginning"</span><br><span class="line"></span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line">output &#123;</span><br><span class="line"></span><br><span class="line">   elasticsearch &#123;</span><br><span class="line"></span><br><span class="line">        hosts =&gt; "localhost:9200"</span><br><span class="line"></span><br><span class="line">        index =&gt; "logstash-ams-%&#123;+YYYY.MM.dd&#125;"</span><br><span class="line"></span><br><span class="line">   &#125;</span><br><span class="line"></span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"></span><br><span class="line">测试配置文件是否正确： bin/logstash -f first-pipeline.conf --config.test_and_exit</span><br><span class="line"></span><br><span class="line">启动：bin/logstash -f first-pipeline.conf</span><br><span class="line"></span><br><span class="line">比较常用的有：</span><br><span class="line"></span><br><span class="line">bin/logstash-plugin list #查看已安装插件列表</span><br><span class="line"></span><br><span class="line">bin/logstash-plugin install plugin_name #安装插件</span><br><span class="line"></span><br><span class="line">bin/logstash-plugin update plugin_name #卸载插件</span><br><span class="line"></span><br><span class="line">bin/logstash-plugin uninstall plugin_name #卸载插件</span><br><span class="line"></span><br><span class="line">我们通过list命令查看插件列表时候，无非下列三种类型的插件：</span><br><span class="line"></span><br><span class="line">logstash-codec-* #编码解码插件</span><br><span class="line"></span><br><span class="line">logstash-filter-* #数据处理插件</span><br><span class="line"></span><br><span class="line">logstash-input-* #输入插件</span><br><span class="line"></span><br><span class="line">logstash-output-* #输出插件</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"></span><br><span class="line">二、filebeat配置</span><br><span class="line"></span><br><span class="line">vi /etc/filebeat/filebeat.yml</span><br><span class="line"></span><br><span class="line">paths:</span><br><span class="line"></span><br><span class="line">    - /var/log/host.access.log</span><br><span class="line"></span><br><span class="line">output.logstash:</span><br><span class="line"></span><br><span class="line"><span class="meta">  #</span> The Logstash hosts</span><br><span class="line"></span><br><span class="line">  hosts: ["10.10.36.128:5044"]</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"></span><br><span class="line">三、elastic search 配置 http://localhost:9200</span><br><span class="line"></span><br><span class="line">get: http://localhost:9200/test01/_search</span><br><span class="line"></span><br><span class="line">delete：http://localhost:9200/test01/doc/_xRJOGUBPpihVJpnsqWC/</span><br><span class="line"></span><br><span class="line">put:  http://localhost:9200/song001/list001/5</span><br><span class="line"></span><br><span class="line">data：&#123;"number":32768,"singer":"杨坤","size":"777","song":"今夜20岁","tag":"中国好声音","timelen":319&#125;</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"></span><br><span class="line">设置密码： bin/x-pack/setup-passwords auto</span><br><span class="line"></span><br><span class="line">Changed password for user kibana</span><br><span class="line"></span><br><span class="line">PASSWORD kibana = xtTAe0VGCaXfoo9jLGtd</span><br><span class="line"></span><br><span class="line">Changed password for user logstash_system</span><br><span class="line"></span><br><span class="line">PASSWORD logstash_system = TFxxvbvxgKcHEDbJrlvi</span><br><span class="line"></span><br><span class="line">Changed password for user elastic</span><br><span class="line"></span><br><span class="line">PASSWORD elastic = u2gxvTsHt8i5APS2F25T</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"></span><br><span class="line">四、kibana 配置  http://localhost:5601</span><br><span class="line"></span><br><span class="line">安装x-pack</span><br><span class="line"></span><br><span class="line"> bin/kibana-plugin install file://你的文件存放地址</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"></span><br><span class="line">es启动命令 9200</span><br><span class="line">./bin/elasticsearch -d</span><br><span class="line">​</span><br><span class="line">kibana启动命令 5601</span><br><span class="line">./bin/kibana</span><br><span class="line">​</span><br><span class="line">logstash启动命令 9600</span><br><span class="line">安装 logstash-plugin install logstash-filter-multiline</span><br><span class="line">./bin/logstash -f ./config/logstash_filebeat.conf --config.test_and_exit</span><br><span class="line">./bin/logstash -f ./config/logstash_filebeat.conf --config.reload.automatic</span><br><span class="line">​</span><br><span class="line">filebeat启动命令 5044</span><br><span class="line">./filebeat -e -c filebeat.yml -d "publish"</span><br></pre></td></tr></table></figure>
</section>
    <!-- Tags START -->
    
    <div class="tags">
      <span>Tags:</span>
      
  <a href="/tags#分布式日志监控">
    <span class="tag-code">分布式日志监控</span>
  </a>

    </div>
    
    <!-- Tags END -->
    <!-- NAV START -->
    
  <div class="nav-container">
    <!-- reverse left and right to put prev and next in a more logic postition -->
    
      <a class="nav-left" href="/2019/05/24/分布式搜索ES/ELK/">
        <span class="nav-arrow">← </span>
        
          ELK
        
      </a>
    
    
      <a class="nav-right" href="/2019/05/24/分布式微服务架构/系统管理平台表设计/">
        
          系统管理平台表设计
        
        <span class="nav-arrow"> →</span>
      </a>
    
  </div>

    <!-- NAV END -->
    <!-- 打赏 START -->
    
    <div class="money-like">
      <div class="reward-btn">
        赏
        <span class="money-code">
          <span class="alipay-code">
            <div class="code-image"></div>
            <b>使用支付宝打赏</b>
          </span>
          <span class="wechat-code">
            <div class="code-image"></div>
            <b>使用微信打赏</b>
          </span>
        </span>
      </div>
      <p class="notice">若你觉得我的文章对你有帮助，欢迎点击上方按钮对我打赏</p>
    </div>
    
    <!-- 打赏 END -->
    <!-- 二维码 START -->
    
    <div class="qrcode">
      <canvas id="share-qrcode"></canvas>
      <p class="notice">扫描二维码，分享此文章</p>
    </div>
    
    <!-- 二维码 END -->
    
    <!-- No Comment -->
    
  </article>
  <!-- Article END -->
  <!-- Catalog START -->
  
  <aside class="catalog-container">
  <div class="toc-main">
    <strong class="toc-title">Catalog</strong>
    
      <ol class="nav">none</ol>
    
  </div>
</aside>
  
  <!-- Catalog END -->
</main>

<script>
  (function () {
    var url = 'https://fengzhaoy.github.io/2019/05/24/分布式日志监控/ELK配置/';
    var banner = ''
    if (banner !== '' && banner !== 'undefined' && banner !== 'null') {
      $('#article-banner').css({
        'background-image': 'url(' + banner + ')'
      })
    } else {
      $('#article-banner').geopattern(url)
    }
    $('.header').removeClass('fixed-header')

    // error image
    $(".markdown-content img").on('error', function () {
      $(this).attr('src', 'http://file.muyutech.com/error-img.png')
      $(this).css({
        'cursor': 'default'
      })
    })

    // zoom image
    $(".markdown-content img").on('click', function () {
      var src = $(this).attr('src')
      if (src !== 'http://file.muyutech.com/error-img.png') {
        var imageW = $(this).width()
        var imageH = $(this).height()

        var zoom = ($(window).width() * 0.95 / imageW).toFixed(2)
        zoom = zoom < 1 ? 1 : zoom
        zoom = zoom > 2 ? 2 : zoom
        var transY = (($(window).height() - imageH) / 2).toFixed(2)

        $('body').append('<div class="image-view-wrap"><div class="image-view-inner"><img src="' + src +
          '" /></div></div>')
        $('.image-view-wrap').addClass('wrap-active')
        $('.image-view-wrap img').css({
          'width': `${imageW}`,
          'transform': `translate3d(0, ${transY}px, 0) scale3d(${zoom}, ${zoom}, 1)`
        })
        $('html').css('overflow', 'hidden')

        $('.image-view-wrap').on('click', function () {
          $(this).remove()
          $('html').attr('style', '')
        })
      }
    })
  })();
</script>


<script>
  var qr = new QRious({
    element: document.getElementById('share-qrcode'),
    value: document.location.href
  });
</script>





    <div class="scroll-top">
  <span class="arrow-icon"></span>
</div>
    <footer class="app-footer">
  <p class="copyright">
    &copy; 2019
  </p>
</footer>

<script>
  function async (u, c) {
    var d = document,
      t = 'script',
      o = d.createElement(t),
      s = d.getElementsByTagName(t)[0];
    o.src = u;
    if (c) {
      o.addEventListener('load', function (e) {
        c(null, e);
      }, false);
    }
    s.parentNode.insertBefore(o, s);
  }
</script>
<script>
  async ("//cdnjs.cloudflare.com/ajax/libs/fastclick/1.0.6/fastclick.min.js", function () {
    FastClick.attach(document.body);
  })
</script>

<script>
  var hasLine = 'true';
  async ("//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js", function () {
    $('figure pre').each(function (i, block) {
      var figure = $(this).parents('figure');
      if (hasLine === 'false') {
        figure.find('.gutter').hide();
      }
      var lang = figure.attr('class').split(' ')[1] || 'code';
      var codeHtml = $(this).html();
      var codeTag = document.createElement('code');
      codeTag.className = lang;
      codeTag.innerHTML = codeHtml;
      $(this).attr('class', '').empty().html(codeTag);
      figure.attr('data-lang', lang.toUpperCase());
      hljs.highlightBlock(block);
    });
  })
</script>
<!-- Baidu Tongji -->

<script src="/js/script.js"></script>
  </body>
</html>